As Editors of a payments and fintech publication, we’re often told technology is the answer to most things – if not everything. It’s refreshing, then, to read a study which points out that understanding the motives and methods behind fraud is of vital importance – more so than any funky tech stack – to successfully battling fraud post-COVID.0
In an important new study, Arkose Labs argue that regulators, law enforcement and the payments business generally tend to have a poor understanding of how fraudsters function and what motivates them.
Arkose say that this poor understanding leads to the piecemeal application of anti-fraud technologies and weak anti-fraud defences.
Those reading this piece will be aware that COVID has led to spikes in new fraud methods (such as delivery scams, fake invoicing and account takeover) of between 50 and 200 percent.
Arkose point out this is completely unsurprising, since fraudsters will always gravitate to the weakest links in any chain, their motive being to make as much money as quickly as possible with the lowest “investment” in terms of time and resources from their side.
Arkose note fraudsters now operate almost entirely virtually, stealing information from the Dark Web and using heavily encrypted peer-to-peer networks to coordinate massive attacks on the payments system (see figure above).
So far, so vanilla – except that, given the expense and time invested in maintaining these networks and systems, fraudsters are motivated to seek out the greatest vulnerability and exploit it as fast as possible.
That might sound simple, but the implications are profound. It means that phishing scams, for instance, are now of little interest to fraudsters since they require so much effort to produce the same financial results yielded by new and relatively unprotected vulnerabilities such as Account Takeover.
Arkose say that government stimulus cheques designed to support individuals and businesses are an example of a new vulnerability – something corroborated by an anonymous source connected to the European Central Bank, who told PCM that “the misdirection of government stimulus cheques will be the biggest breaking scandal of 2021.”
Other new threats identified by Arkose include chargebacks and friendly fraud, which now account for up to 80 percent of all digital fraud.
The real problem with fraud – and the fix
Arkose say that, apart from a failure to understand what motivates fraudsters (including the desperate straits of many of the economies from which they operate) businesses are insufficiently thorough in their approach to fraud, and too willing to cut corners in fraud defence to save money.
Take the customer journey. Merchants and banks will be told by vendor X that solution Y will solve their fraud problem because it provides great eKYC. Or another vendor will tell them all they need is best-in-class transaction monitoring.
The truth? All of these elements are required – and more. The “more” part of the equation is genuinely robust system security – and taking some difficult decisions about customer service and storage solutions.
“Too many businesses rely on automated customer service solutions and cheap or free off-the-shelf data storage arrangements.”
Running against current thinking, Arkose say businesses should start to bring real people back to their customer service arrangements – not just because people provide better service, but because chatbots and automated chargebacks/dispute resolution are such a rich source of profit for fraudsters.
Their suggestion chimes with the latest thinking in retail management, which says there will always be a role for physical retail as long as it comes with expert sales advice and product demonstrations.
As we move into the digital era, it’s good to read a study which challenges us to improve our thinking and, by extension, our strategic approach – instead of selling another technology solution as a “silver bullet.”
Recent improvements in AI and Machine Learning to one side, it’s doubtful whether any technology will ever match human ingenuity. Fight fire with fire, the old saying goes – and the best way to fight fraud is surely through a considered, end-to-end approach, rather than yet another software license.